|
|
|
|
@ -1228,7 +1228,6 @@ of `M_FORBIDDEN`.
|
|
|
|
|
|
|
|
|
|
The following endpoint prefixes MUST be protected:
|
|
|
|
|
|
|
|
|
|
- `/_matrix/federation/v1/send` (on a per-PDU basis)
|
|
|
|
|
- `/_matrix/federation/v1/make_join`
|
|
|
|
|
- `/_matrix/federation/v1/make_leave`
|
|
|
|
|
- `/_matrix/federation/v1/send_join`
|
|
|
|
|
@ -1245,6 +1244,22 @@ The following endpoint prefixes MUST be protected:
|
|
|
|
|
- `/_matrix/federation/v1/event_auth`
|
|
|
|
|
- `/_matrix/federation/v1/get_missing_events`
|
|
|
|
|
|
|
|
|
|
Additionally the [`/_matrix/federation/v1/send/{txnId}`](#put_matrixfederationv1sendtxnid)
|
|
|
|
|
endpoint MUST be protected as follows:
|
|
|
|
|
|
|
|
|
|
- ACLs MUST be applied to all PDUs on a per-PDU basis. If the sending
|
|
|
|
|
server is denied access to the room identified by `room_id`, the PDU
|
|
|
|
|
MUST be ignored with an appropriate error included in the response
|
|
|
|
|
for the respective event ID.
|
|
|
|
|
- ACLs MUST be applied to all EDUs that are local to a specific room:
|
|
|
|
|
|
|
|
|
|
- For [typing notifications (`m.typing`)](#typing-notifications), if
|
|
|
|
|
the sending server is denied access to the room identified by
|
|
|
|
|
`room_id`, the EDU MUST be ignored.
|
|
|
|
|
- For [receipts (`m.receipt`)](#receipts), all receipts for a particular
|
|
|
|
|
room ID MUST be ignored if the sending server is denied access to
|
|
|
|
|
the room identified by that ID.
|
|
|
|
|
|
|
|
|
|
## Signing Events
|
|
|
|
|
|
|
|
|
|
Signing events is complicated by the fact that servers can choose to
|
|
|
|
|
|
Johannes Marbach
1 year ago
committed by